DomainDouche – OSINT Tool to Abuse SecurityTrails Domain Suggestion API To Find Potentially Related Domains By Keyword And Brute Force

Abusing SecurityTrails domain suggestion API to find potentially related domains by keyword and brute force. Use it while it still works (Also, hmu on Mastodon: @[email protected]) Usage: usage: [-h] [-n N] -c COOKIE -a USER_AGENT [-w NUM] [-o OUTFILE] keywordAbuses SecurityTrails API to find related domains by keyword.Go to, solve any CAPTCHA youRead More

Kubeeye – Tool To Find Various Problems On Kubernetes, Such As Application Misconfiguration, Unhealthy Cluster Components And Node Problems

  KubeEye is an inspection tool for Kubernetes to discover Kubernetes resources (by OPA ), cluster components, cluster nodes (by Node-Problem-Detector) and other configurations are meeting with best practices, and giving suggestions for modification. KubeEye supports custom inspection rules and plugins installation. Through KubeEye Operator, you can view the inspection results and modification suggestions byRead More

Deadfinder – Find Dead-Links (Broken Links)

Dead link (broken link) means a link within a web page that cannot be connected. These links can have a negative impact to SEO and Security. This tool makes it easy to identify and modify. Installation Install with Gem gem install deadfinder Docker Image docker pull Usage Commands: deadfinder file # Scan the URLsRead More

Trufflehog – Find Credentials All Over The Place

TruffleHog Find leaked credentials. Join The Slack Have questions? Feedback? Jump in slack and hang out with us Demo docker run -it -v “$PWD:/pwd” trufflesecurity/trufflehog:latest github –org=trufflesecurity What’s new in v3? TruffleHog v3 is a complete rewrite in Go with many new powerful features. We’ve added over 700 credential detectors that support active verificationRead More

SharpSniper – Find Specific Users In Active Directory Via Their Username And Logon IP Address

Often a Red Team engagement is more than just achieving Domain Admin. Some clients will want to see if specific users in the domain can be compromised, for example the CEO. SharpSniper is a simple tool to find the IP address of these users so that you can target their box. It requires that youRead More

Dora – Find Exposed API Keys Based On RegEx And Get Exploitation Methods For Some Of Keys That Are Found

Features Blazing fast as we are using ripgrep in backend Exploit/PoC steps for many of the API key, allowing to write a good report for bug bounty hunting Unlike many other API key finders, dora also shows the path to the file and the line with context for easier analysis Can easily be implemented intoRead More

Wholeaked – A File-Sharing Tool That Allows You To Find The Responsible Person In Case Of A Leakage

wholeaked is a file-sharing tool that allows you to find the responsible person in case of a leakage. It’s written in Go. How? wholeaked gets the file that will be shared and a list of recipients. It creates a unique signature for each recipient and adds it to the file secretly. After then, it canRead More

Master_Librarian – A Simple Tool To Audit Unix/*BSD/Linux System Libraries To Find Public Security Vulnerabilities

A simple tool to audit Unix/*BSD/Linux system libraries to find public security vulnerabilities. To install requirements: $ sudo python3 -m pip install -r requirements.txt Overview: vulnerabilities on local libraries by CoolerVoid Example: $ python3 -t csv $ python3 -t txt -l 3 usage: [-h] -t TYPES [-l LIMIT] optional arguments: -h, –helpRead More

Ocr-Recon – Tool To Find A Particular String In A List Of URLs Using Tesseract’S OCR (Optical Character Recognition) Capabilities

This tool is useful to find a particular string in a list of URLs using tesseract’s OCR (Optical Character Recognition) capabilities. Usage Usage: python3 listwithURLs stringtosearch Download Ocr-Recon

Scylla – The Simplistic Information Gathering Engine | Find Advanced Information On A Username, Website, Phone Number, Etc

Notice For Deprecation This project is no longer being worked on by the developer. As of today, the program has many flaws and is not up to modern OSINT standards. A lot of APIs utilized within Scylla are no longer working as they did when the project was first released. The developer wrote Scylla outRead More